In my security XML, the intercept rules include the following:
<security:http auto-config="true" use-expressions="true" authentication-manager-ref="authenticationManager">
    <security:headers>
        <security:cache-control disabled="false"/>
    </security:headers>
    <security:csrf disabled="true"/>
    <security:form-login
        login-page="/login"
        authentication-failure-url="/login_error"
        username-parameter="username"
        password-parameter="password"
        default-target-url="/home"
        always-use-default-target="false"
    />
    <security:remember-me key="uniqueAndSecret" token-validity-seconds="604800"
        remember-me-parameter="remember-me"/>
    <security:intercept-url pattern="/login" access="permitAll"/>
    <security:intercept-url pattern="/home" access="hasRole('ROLE_LOGIN')"/>
    <security:intercept-url pattern="/business/*" access="hasRole('ROLE_MANAGE_BUSINESS')"/>
    <security:intercept-url pattern="/clover/business/*" access="hasRole('ROLE_MANAGE_BUSINESS')"/>
    <security:access-denied-handler error-page="/403"/>
    <security:session-management session-fixation-protection="migrateSession" invalid-session-url="/login"
        session-authentication-error-url="/logout">
    </security:session-management>
    <security:logout invalidate-session="true" logout-success-url="/login?logout" logout-url="/logout"
        delete-cookies="JSESSIONID"/>
</security:http>
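With this setup, the URL http://localhost:8080/admin/clover/business/{businessId}?cloverAppType=kiosk
is intercepted, but the URL http://localhost:8080/admin/clover/business/{businessId}/order?cloverAppType=kiosk&appName=MainApp
is not intercepted (it can be accessed when the user is logged out). After using the *
wildcard, is the URL pattern not intercepted? How can I fix this?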
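
The pattern behaviour in question, as an added configuration example that is not part of the original post: in Spring Security's Ant-style patterns `*` matches within a single path segment while `**` spans any number of segments, and a request that matches no `intercept-url` rule gets no access check. It assumes `/admin` is the application's context path (patterns are matched without it) and that every other URL should require a login; the `/login_error` rule and the final catch-all are assumptions, not the poster's rules.

```xml
<!-- Added example. Only the intercept-url rules change; the rest of the
     <security:http> element stays as posted. -->

<!-- As posted: '*' stops at the next '/', so
       /clover/business/{businessId}        matches and is protected
       /clover/business/{businessId}/order  matches no rule and is served without a check
     The query string plays no part in the match.

<security:intercept-url pattern="/business/*" access="hasRole('ROLE_MANAGE_BUSINESS')"/>
<security:intercept-url pattern="/clover/business/*" access="hasRole('ROLE_MANAGE_BUSINESS')"/>
-->

<!-- Corrected: rules are evaluated top to bottom and the first match wins,
     so specific patterns come first and the catch-all comes last. -->
<security:intercept-url pattern="/login" access="permitAll"/>
<!-- Assumption: the login failure page must stay reachable without a session -->
<security:intercept-url pattern="/login_error" access="permitAll"/>
<security:intercept-url pattern="/home" access="hasRole('ROLE_LOGIN')"/>

<!-- '**' covers the whole subtree under each prefix -->
<security:intercept-url pattern="/business/**" access="hasRole('ROLE_MANAGE_BUSINESS')"/>
<security:intercept-url pattern="/clover/business/**" access="hasRole('ROLE_MANAGE_BUSINESS')"/>

<!-- Assumption: deny by default. Any URL not listed above requires an
     authenticated user, so a new or deeper path is never left open by omission.
     Public static resources, if any, need their own permitAll rule above this line. -->
<security:intercept-url pattern="/**" access="isAuthenticated()"/>
```

After the change, requesting the `/order` URL in a logged-out browser session should redirect to `/login` instead of returning the page.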